An unknown hacker, or group of hackers, has just claimed to have broken into the “Equation Group” — a cyber-attack group allegedly associated with the United States intelligence organization NSA — and dumped a collection of its tooling (malware, private exploits, and other hacking tools) online.


In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency.


In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits was obtained after its members hacked Equation Group (the post has since been removed from Tumblr, but a cached version here was still available as this post was going live). Last year, Kaspersky Lab researchers described Equation Group as one of the world’s most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Brokers post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn’t immediately possible for outsiders to prove that the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt that the data originated with some advanced hacking group.

The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers including Cisco, Juniper, and Fortinet.


According to the leaked files, Chinese company ‘Topsec’ was also an Equation Group target.


The leak mentioned names of some of the hacking tools that correlate with names used in the documents leaked by whistleblower Edward Snowden, like “BANANAGLEE” and “EPICBANANA.”

It is not yet confirmed whether the leaked files are legitimate, but some security experts agree that they likely are. “I haven’t tested the exploits, but they definitely look like legitimate exploits,” Matt Suiche, founder of UAE-based cyber security firm Comae Technologies, told the Daily Dot.


Some are saying that the leak could be a very well-researched hoax, and that the Bitcoin auction could be nothing but a distraction in an attempt to gain media attention.

At the same time, the Risk Based Security post cautioned that so-called false-flag operations—in which attackers manufacture evidence that falsely implicates others—are a regular occurrence in hacking campaigns, particularly those sponsored by nations. If the claims in the Shadow Brokers’ post are true, this may be one of the only publicly known times the NSA has been compromised. But even if the claims turn out to be exaggerated, the Shadow Brokers’ post is significant, if only for the amount of work and planning that went into fabricating evidence to provoke one of the world’s most advanced hacking operations.